# Exploit Title: Scopia XT Desktop 8.3.915.4 - Cross-Site Request Forgery (change admin password) # Google Dork: inurl:scopia+index.jsp # Date: 2020-09-09 # Exploit Author: v1n1v131r4 # Vendor Homepage: https://avaya.com # Software Link: https://support.avaya.com/downloads/download-details.action?contentId=C201772012204170_4&productId=P1605 # Version: 8.3.915.4 # Tested on: Windows 10 Pro # CVE : N/A # PoC: https://github.com/V1n1v131r4/Exploit-CSRF-on-SCOPIA-XT-Desktop-version-8.3.915.4 # CSRF to change admin password # The admin password will be changed to "attacker"